[Discuss] TrueCrypt EOL, what's next?
Richard Pieri
richard.pieri at gmail.com
Fri May 30 18:43:26 EDT 2014
Bill Ricker wrote:
> From what Steve Gibson said, the "new" key was gotten early enough it
> would have been well before current incident -- if malicious, would
> show significant premeditation.
No, the keys in question are GnuPG keys and unless someone has figured
out a key collision the GnuPG key used to sign the 7.1a binaries is the
same GnuPG key used to sign the 7.2 binaries. There is no "new" key.
Ignore the warnings; that's because I haven't signed the key on my key ring.
[ratinox at chihiro: Desktop]$ gpg --verify TrueCrypt-7.2.exe.sig
gpg: Signature made Tue, May 27, 2014 12:58:45 PM EDT using DSA key ID
F0D6B1E0
gpg: Good signature from "TrueCrypt Foundation <contact at truecrypt.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0
[ratinox at chihiro: Desktop]$ gpg --verify TrueCrypt\ Setup\ 7.1a.exe.sig
gpg: Signature made Tue, Feb 07, 2012 3:56:28 PM EST using DSA key ID
F0D6B1E0
gpg: Good signature from "TrueCrypt Foundation <contact at truecrypt.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: C5F4 BAC4 A7B2 2DB8 B8F8 5538 E3BA 73CA F0D6 B1E0
[ratinox at chihiro: Desktop]$
You can verify that the key fingerprint is correct for yourself.
--
Rich P.
More information about the Discuss
mailing list